Wednesday, February 11, 2009

Kaspersky DB Hit by SQL Injection Attack!

Kaspersky Database Hit by SQL Injection Attack (February 9, 2009)

Kaspersky Lab has confirmed reports that an intruder was able to access a company database that holds customer information through an SQL injection attack. The information was exposed for a week and a half before the company became aware of the situation. A senior researcher at the company said that no customer data were accessed; the attack accessed only the database's table labels. Upon learning of the vulnerability, Kaspersky "immediately took action to roll back the [affected] subsection of the site to eliminate the risk." The company has hired an expert to investigate the breach.

For more info:
http://www.crn.com/security/213402735

New Microsoft Security Bulletins Released!

Microsoft has released 4 new security bulletins.

1. MS09-002: Cumulative Security Update for Internet Explorer (961260) http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx
Severity: Critical
2. MS09-003: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
Severity: Critical
3. MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx
Severity: Important
4. MS09-005: Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) http://www.microsoft.com/technet/security/bulletin/ms09-005.mspx
Severity: Important